The EU Data Act Bans Cloud Switching Fees From 12 January 2027

sSystm Team5 min read
TL;DR

The EU Data Act (Regulation (EU) 2023/2854) bans cloud providers from charging switching charges — including data egress fees — from 12 January 2027. Until then, providers may only charge the direct costs of assisting a customer's move. The ban covers IaaS, PaaS and SaaS alike, and applies to any provider serving EU customers, not only EU-based ones. It doesn't retroactively rewrite existing contracts, which have to be amended, renewed or allowed to expire on schedule.

From 12 January 2027, it becomes illegal under EU law for a cloud provider to charge a customer anything to leave — including the data egress fees that have quietly locked businesses into their existing provider for the better part of two decades. The EU Data Act (Regulation (EU) 2023/2854) bans switching charges outright from that date, covering infrastructure, platform and software-as-a-service alike. For an agency that’s been quietly paying to keep its own client data hostage to a vendor’s export fees, that’s eighteen months of runway to know exactly what changes — and what doesn’t.

This is a summary of a regulation, not legal advice. Confirm your own contractual position with counsel before relying on any of it.

What is a “switching charge,” and why does the EU care?

A switching charge, in the Data Act’s terms, is any fee a data processing service provider imposes on a customer specifically for the act of moving to a different provider, or back to on-premises infrastructure. The most common form is a data egress fee — a per-gigabyte charge to export your own data out of a provider’s cloud. It’s rarely disclosed prominently at sign-up, and it scales with exactly the thing that makes it painful: the more data you’ve accumulated with a provider, the more it costs to leave.

The Data Act’s Chapter VI (Articles 23–31) is built to dismantle that specific mechanic. Article 23 establishes a general right to switch between providers, or to parallel use of multiple providers, without unnecessary obstacles. Article 25 sets requirements for what switching terms must actually look like in a contract — providers have to specify a maximum transitional period and support the customer through it. Article 30 requires providers to take “reasonable measures” to ensure functional equivalence after a switch, so the destination service can actually replace what the customer is leaving. Article 29 is the one with the January 2027 date attached: it bans switching charges outright, replacing an earlier transitional regime under which providers could only recover the direct costs actually incurred in helping the customer leave.

Does this cover SaaS, or only infrastructure clouds?

It covers SaaS. The Data Act’s definition of “data processing service” is deliberately broad — it spans infrastructure-as-a-service, platform-as-a-service and software-as-a-service, not just the raw compute-and-storage layer most people picture when they hear “cloud.” A SaaS product built on top of a hyperscaler is itself a data processing service under the Act, which means the obligations run in two directions: the SaaS vendor owes its customers a compliant switching path, and if that vendor is itself locked into its own infrastructure provider by egress fees, those get banned too.

That second point is where this regulation gets structurally interesting rather than just cost-relevant. A SaaS company that can be held hostage by its own cloud bill has no durable way to promise its customers a clean exit — the fee just moves up one layer. From January 2027, that layer disappears as a legal option.

What’s the transitional regime until then?

Between now and 12 January 2027, providers aren’t yet banned from charging for a switch — they’re limited to the direct costs actually incurred. That means the cost of the technical work involved in helping a customer migrate, not a punitive fee calculated to make leaving expensive. In practice, this transitional period is where most of the current disputes about “hidden” egress costs are playing out, because “direct cost” is a narrower standard than the flat per-gigabyte rates many providers have historically charged.

What’s still allowed to be charged after the ban takes effect?

The ban is specific to the act of switching, not to cloud pricing in general. Providers can still charge:

  • Standard subscription and usage fees — the ban doesn’t touch what you pay to use the service while you’re using it.
  • Proportionate early-termination fees on fixed-term contracts, where those were agreed upfront as part of the deal.
  • Genuinely bespoke work outside the regulatory switching scope — custom technical support, non-standard data formats, or services the switching provisions don’t cover.

What disappears is the ability to charge specifically because a customer is leaving, dressed up as a technical necessity.

Why the BYOC model was already ahead of this

There’s a structural reason this regulation reads less like a warning and more like a confirmation, if your agency’s data already lives in an account you own. Bring Your Own Cloud — the model where a vendor’s product operates on infrastructure provisioned inside your cloud account, rather than a shared database the vendor controls centrally — removes the switching-fee question before it can come up. There’s no export to negotiate a price for, because there was never a migration event: the database was always yours, on your account, from the day it was created. Cancelling the vendor doesn’t trigger a data transfer; it just means the vendor stops having access to something that was never theirs to begin with.

That’s the whole thesis behind what a BYOC agency OS actually is — and it’s also, functionally, what the Data Act is now legislating as a right for everyone else. The regulation is closing the gap between “your data, technically” and “your data, in practice.” Read more about how that ownership model works architecturally in our security page, or about the broader lock-in pattern this law is aimed at in SaaS vendor lock-in and how to avoid it.

What agencies should actually check before January 2027

  1. Read your current cloud and SaaS contracts for egress or exit fees, and note whether they’re structured as flat charges or itemised “direct costs” — the latter is closer to what the transitional regime already requires.
  2. Ask vendors directly what happens contractually on 12 January 2027 — existing agreements don’t auto-update, so a vendor that goes quiet on the question is a signal worth noting.
  3. Separate “can I leave” from “can I leave cheaply.” The Data Act addresses the fee. It doesn’t guarantee your data was ever structured in a portable, non-proprietary format to begin with — that’s a product decision the law can’t legislate.
  4. If data ownership matters to your clients contractually, ask whether your own vendors can currently demonstrate an exit that costs nothing beyond the work involved — not because the law will require it eventually, but because the ones who already do aren’t waiting for January 2027 to prove it.

Frequently asked questions

When do cloud egress fees become illegal in the EU?

From 12 January 2027, providers of data processing services covered by the EU Data Act may not charge switching charges — including data egress fees — at all. Until that date, a transitional regime applies: providers may only pass on the direct costs actually incurred in helping a customer switch.

Does the EU Data Act's switching fee ban apply to SaaS, or just infrastructure providers?

It applies to all of them. The Data Act defines 'data processing services' broadly enough to cover IaaS, PaaS and SaaS, and the switching provisions in Chapter VI apply across that whole category — not only to infrastructure-layer cloud.

Does the ban apply to providers outside the EU?

Yes. The obligation attaches to any provider offering data processing services to customers in the EU, regardless of where the provider is established — the same extraterritorial logic the GDPR uses.

What can a cloud provider still charge for after January 2027?

Standard subscription fees continue as normal, as do proportionate early-termination fees written into fixed-term contracts, and charges for services genuinely outside the regulatory switching scope — such as bespoke technical work or handling data types the standard switching process doesn't cover. What's banned specifically is charging extra to let a customer leave with their own data.

Do existing cloud contracts automatically follow the new rules from 12 January 2027?

No. Existing contracts don't automatically switch over. They need to be amended, allowed to run to their natural end and renewed under the new terms, or terminated — the ban doesn't retroactively rewrite an agreement that's already in force.

byocdata-ownershipvendor-lock-incostcompliance

sSystm is the first BYOC agency OS — your clients, your code and your cloud on your own Cloudflare account, with your AI working the whole workspace over MCP.

Join the waitlist